Backport of Fix PKCS7 parser failing to parse degenerated certificate messages into release/1.17.x #27447


hc-github-team-secure-vault-core
Contributor

Backport

This PR is auto-generated from #27435 to be assessed for backporting due to the inclusion of the label backport/1.17.x.

The below text is copied from the body of the original PR.


A properly formatted PKCS7 message with unsigned multiple certificates is hitting a conditional check that the offset value is greater than the buffer. While that is true, in this use case we don't attempt to read from the buffer again so the check for buffer boundaries causes the parser to fail to read a message.

Tweak the offset checks to occur just before we are about to read from buf using the offset variable and not after we increment the offset variable. Augment the TestDegenerateCertificate to parse its own generated message along with OpenSSL that exposes the issue before the fixes to ber.go.


Overview of commits

@hc-github-team-secure-vault-core hc-github-team-secure-vault-core force-pushed the backport/stevendpclark/vault-28030-pkcs7-issues/promptly-curious-dog branch from 9938eae to 680f4d8 Compare June 11, 2024 16:58
@github-actions github-actions bot added the hashicorp-contributed-pr label Jun 11, 2024
@stevendpclark stevendpclark added this to the 1.17.1 milestone Jun 11, 2024
@stevendpclark stevendpclark enabled auto-merge (squash) June 11, 2024 17:00

CI Results:
All Go tests succeeded! ✅


Build Results:
All builds succeeded! ✅

@stevendpclark stevendpclark merged commit 1735ec9 into release/1.17.x Jun 11, 2024
78 of 80 checks passed
@stevendpclark stevendpclark deleted the backport/stevendpclark/vault-28030-pkcs7-issues/promptly-curious-dog branch June 11, 2024 17:16
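
A reduced illustration of the bounds-check placement described in the PR body, added here as an example and not code from Vault's `ber.go`. It assumes a simplified tag/length/value layout with a one-byte length rather than full BER; the function names and sample bytes are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

var errTruncated = errors.New("tlv: offset past end of input")

// parseCheckAfterIncrement validates offset each time it is advanced, even when no read follows.
func parseCheckAfterIncrement(buf []byte) ([]byte, error) {
	if len(buf) < 2 {
		return nil, errTruncated
	}
	offset := 1 // tag byte consumed
	length := int(buf[offset])
	offset++ // length byte consumed
	if offset >= len(buf) { // fires for a valid zero-length value that ends the input
		return nil, errTruncated
	}
	if length > len(buf)-offset {
		return nil, errTruncated
	}
	return buf[offset : offset+length], nil
}

// parseCheckBeforeRead validates offset only where buf is about to be indexed or sliced.
func parseCheckBeforeRead(buf []byte) ([]byte, error) {
	offset := 0
	if offset >= len(buf) { // guards the tag read
		return nil, errTruncated
	}
	offset++ // tag byte consumed
	if offset >= len(buf) { // guards the length read
		return nil, errTruncated
	}
	length := int(buf[offset])
	offset++ // length byte consumed; offset <= len(buf) still holds
	if length > len(buf)-offset { // guards the slice; passes when length is 0
		return nil, errTruncated
	}
	return buf[offset : offset+length], nil
}

func main() {
	_, errA := parseCheckAfterIncrement([]byte{0x31, 0x00}) // constructed: empty SET
	_, errB := parseCheckBeforeRead([]byte{0x31, 0x00})
	fmt.Println("check after increment:", errA, "| check before read:", errB)
}
```

Both variants still reject truncated input; only the first also rejects a well-formed element whose header ends exactly at the end of the buffer.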